diff --git a/SOURCES/CVE-2021-20270-infinite-loop-in-SML-lexer.patch b/SOURCES/CVE-2021-20270-infinite-loop-in-SML-lexer.patch
new file mode 100644
index 0000000..c1dbe48
--- /dev/null
+++ b/SOURCES/CVE-2021-20270-infinite-loop-in-SML-lexer.patch
@@ -0,0 +1,33 @@
+diff --git a/pygments/lexers/functional.py b/pygments/lexers/functional.py
+index ee44f7c..3d6841e 100644
+--- a/pygments/lexers/functional.py
++++ b/pygments/lexers/functional.py
+@@ -632,7 +632,7 @@ class SMLLexer(RegexLexer):
+             (r'#\s+(%s)' % symbolicid_re, Name.Label),
+             # Some reserved words trigger a special, local lexer state change
+             (r'\b(datatype|abstype)\b(?!\')', Keyword.Reserved, 'dname'),
+-            (r'(?=\b(exception)\b(?!\'))', Text, ('ename')),
++            (r'\b(exception)\b(?!\')', Keyword.Reserved, 'ename'),
+             (r'\b(functor|include|open|signature|structure)\b(?!\')',
+              Keyword.Reserved, 'sname'),
+             (r'\b(type|eqtype)\b(?!\')', Keyword.Reserved, 'tname'),
+@@ -803,15 +803,14 @@ class SMLLexer(RegexLexer):
+         'ename': [
+             include('whitespace'),
+ 
+-            (r'(exception|and)\b(\s+)(%s)' % alphanumid_re,
++            (r'(and\b)(\s+)(%s)' % alphanumid_re,
+              bygroups(Keyword.Reserved, Text, Name.Class)),
+-            (r'(exception|and)\b(\s*)(%s)' % symbolicid_re,
++            (r'(and\b)(\s*)(%s)' % symbolicid_re,
+              bygroups(Keyword.Reserved, Text, Name.Class)),
+             (r'\b(of)\b(?!\')', Keyword.Reserved),
++            (r'(%s)|(%s)' % (alphanumid_re, symbolicid_re), Name.Class),
+ 
+-            include('breakout'),
+-            include('core'),
+-            (r'\S+', Error),
++            ('', Text, '#pop'),
+         ],
+ 
+         'datcon': [
diff --git a/SOURCES/CVE-2021-27291.patch b/SOURCES/CVE-2021-27291.patch
new file mode 100644
index 0000000..d9d636b
--- /dev/null
+++ b/SOURCES/CVE-2021-27291.patch
@@ -0,0 +1,57 @@
+diff --git a/pygments/lexers/agile.py b/pygments/lexers/agile.py
+index 024ab8d..b0321d2 100644
+--- a/pygments/lexers/agile.py
++++ b/pygments/lexers/agile.py
+@@ -1652,7 +1652,7 @@ class FactorLexer(RegexLexer):
+             (r'(?:<PRIVATE|PRIVATE>)', Keyword.Namespace),
+ 
+             # strings
+-            (r'"""\s+(?:.|\n)*?\s+"""', String),
++            (r'"""\s(?:.|\n)*?\s"""', String),
+             (r'"(?:\\\\|\\"|[^"])*"', String),
+             (r'CHAR:\s+(\\[\\abfnrstv]*|\S)\s', String.Char),
+ 
+diff --git a/pygments/lexers/math.py b/pygments/lexers/math.py
+index f500231..6188562 100644
+--- a/pygments/lexers/math.py
++++ b/pygments/lexers/math.py
+@@ -182,7 +182,7 @@ class MatlabLexer(RegexLexer):
+             (r'[^\']*\'', String, '#pop')
+         ],
+         'deffunc': [
+-            (r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
++            (r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
+              bygroups(Text.Whitespace, Text, Text.Whitespace, Punctuation,
+                       Text.Whitespace, Name.Function, Punctuation, Text,
+                       Punctuation, Text.Whitespace), '#pop'),
+@@ -627,7 +627,7 @@ class OctaveLexer(RegexLexer):
+             (r"[^']*'", String, '#pop'),
+         ],
+         'deffunc': [
+-            (r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
++            (r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
+              bygroups(Text.Whitespace, Text, Text.Whitespace, Punctuation,
+                       Text.Whitespace, Name.Function, Punctuation, Text,
+                       Punctuation, Text.Whitespace), '#pop'),
+@@ -694,7 +694,7 @@ class ScilabLexer(RegexLexer):
+             (r'.', String, '#pop'),
+         ],
+         'deffunc': [
+-            (r'(\s*)(?:(.+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
++            (r'(\s*)(?:(\S+)(\s*)(=)(\s*))?(.+)(\()(.*)(\))(\s*)',
+              bygroups(Text.Whitespace, Text, Text.Whitespace, Punctuation,
+                       Text.Whitespace, Name.Function, Punctuation, Text,
+                       Punctuation, Text.Whitespace), '#pop'),
+diff --git a/pygments/lexers/templates.py b/pygments/lexers/templates.py
+index 8485072..d1c4308 100644
+--- a/pygments/lexers/templates.py
++++ b/pygments/lexers/templates.py
+@@ -1408,7 +1408,7 @@ class EvoqueLexer(RegexLexer):
+             # see doc for handling first name arg: /directives/evoque/
+             #+ minor inconsistency: the "name" in e.g. $overlay{name=site_base}
+             # should be using(PythonLexer), not passed out as String
+-            (r'(\$)(evoque|overlay)(\{(%)?)(\s*[#\w\-"\'.]+[^=,%}]+?)?'
++            (r'(\$)(evoque|overlay)(\{(%)?)(\s*[#\w\-"\'.]+)?'
+              r'(.*?)((?(4)%)\})',
+              bygroups(Punctuation, Name.Builtin, Punctuation, None,
+                       String, using(PythonLexer), Punctuation)),
diff --git a/SPECS/python-pygments.spec b/SPECS/python-pygments.spec
index a7471c4..2787478 100644
--- a/SPECS/python-pygments.spec
+++ b/SPECS/python-pygments.spec
@@ -5,7 +5,7 @@
 
 Name:           %{?scl_prefix}python-pygments
 Version:        1.5
-Release:        3%{?dist}
+Release:        5%{?dist}
 Summary:        Syntax highlighting engine written in Python
 
 Group:          Development/Libraries
@@ -18,6 +18,15 @@ BuildArch:      noarch
 BuildRequires:  %{?scl_prefix}python2-devel >= 2.4, %{?scl_prefix}python-setuptools, %{?scl_prefix}python-nose
 Requires:       %{?scl_prefix}python-setuptools
 
+# Fix CVE-2021-20270: infinite loop in SML lexer which may lead to DoS
+# Resolved upstream: https://github.com/pygments/pygments/commit/f91804ff4772e3ab41f46e28d370f57898700333
+Patch1:         CVE-2021-20270-infinite-loop-in-SML-lexer.patch
+
+# CVE-2021-27291: ReDos via crafted malicious input
+# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-27291
+# Upstream fix: https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
+Patch2:         CVE-2021-27291.patch
+
 %description
 Pygments is a generic syntax highlighter for general use in all kinds
 of software such as forum systems, wikis or other applications that
@@ -36,10 +45,12 @@ need to prettify source code. Highlights are:
 
 %prep
 %setup -q -n Pygments-%{version}
+%patch1 -p1
+%patch2 -p1
 
 %build
 %{?scl:scl enable %{scl} "}
-%{__python} setup.py build
+%{__python2} setup.py build
 %{?scl:"}
 %{__sed} -i 's/\r//' LICENSE
 
@@ -47,7 +58,7 @@ need to prettify source code. Highlights are:
 rm -rf $RPM_BUILD_ROOT
 
 %{?scl:scl enable %{scl} "}
-%{__python} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT
+%{__python2} setup.py install -O1 --skip-build --root $RPM_BUILD_ROOT
 %{?scl:"}
 
 pushd docs
@@ -68,11 +79,19 @@ make test
 %files
 %defattr(-,root,root,-)
 %doc AUTHORS CHANGES docs/html docs/reST LICENSE TODO
-%{python_sitelib}/*
+%{python2_sitelib}/*
 %{_bindir}/pygmentize
 %lang(en) %{_mandir}/man1/pygmentize.1.gz
 
 %changelog
+* Tue Jul 20 2021 Charalampos Stratakis <cstratak@redhat.com> - 1.5-5
+- Fix CVE-2021-27291: ReDos via crafted malicious input
+Resolves: rhbz#1940603
+
+* Wed Mar 03 2021 Charalampos Stratakis <cstratak@redhat.com> - 1.5-4
+- Fix CVE-2021-20270: infinite loop in SML lexer which may lead to DoS
+Resolves: rhbz#1922136
+
 * Thu May 24 2018 Charalampos Stratakis <cstratak@redhat.com> - 1.5-3
 - Rebuild for multi-arch bootstrap